The nice work-around is to have 2 different networks. All you need: 2 phone lines (with ADSL) or a cable and an ADSL connection, each with its own modem and router. One for the business and one for the guests.
No problems with security, no problems with shared bandwidth.
I have a setup in a restaurant.
I'm connecting several screens with Ethernet cables and connecting them via VPN to a remote office (HQ) for controlling the contents of the screens. The VPN connection is working and the HQ admin can monitor and control the screens, BUT:
At the same time, the restaurant is offering a wifi connection to its guests using the same network.
I want to prevent the wifi users from pinging or seeing the Ethernet network.
The router I have is a Linksys E1000, which is connected to the internet service provider line and gives internet to wifi and Ethernet.
The next problem that I want to solve:
When there are many guests using the wifi, the VPN connection becomes slow because most of the bandwidth is utilized by wifi users. How can I give a limited bandwidth to wifi users and save e.g. 60% of the bandwidth dedicated to the Ethernet network, which the VPN is using?
The VPN HW is IPTL 71 for the restaurant, and IPTL 78 for the remote office (HQ).